Dr. Rolf Jansen
2023-Feb-07 14:01 UTC
Pigeonhole Sieve Vacation Reply-To peculiarity with inbound AWS-SES
To begin with, usage of Amazons Simple Email Service (SES) is mandatory for outgoing mails from AWS-EC2 instances. The Pro is, it does work and we may utilize email relays with high reputation for our outgoing mails at no additional costs. The Con's are that (A) SES does not relay mails with empty <> MAIL FROM addresses and (B) it fiddles with the envelope addresses of the relayed mails. Anyway this is out of our control, and while I could avoid (A) by switching the e-mail service provider, I still have no control over (B) because this affects replying to emails from others using AWS-SES. Problem A) The empty-MAIL-FROM may be effectively addressed by setting Pigeonhole?s sieve_vacation_send_from_recipient to ?yes?. Problem B) Pigeonhole Vacation utilizes the senders envelope address of the inbound message as the reply-address. The problem here is that inbound mails from third parties utilizing AWS-SES come in with an unpersonalized envelope address and SES takes returns to this as bounce messages and changes the body's From: to ?MAILER-DAEMON at xx-zzzz-1.amazonses.com?, which is not even our MAILER-DAEMON but the one of the receiver of our reply. So the receiver gets no chance to know from the headers the identity of whom replied - he may assume it from the context the actual message, though. I found the setting sieve_vacation_to_header_ignore_envelope, which was introduced in 2017 (https://dovecot.org/list/dovecot-cvs/2017-August/028917.html). My finding is, that this resolves the problem only half way. For a local workaround, I changed Line 1119 of cmd-vacation.c https://github.com/dovecot/pigeonhole/blob/34431d7a67474c00d5b0554f5d45b867509f4a7a/src/lib-sieve/plugins/vacation/#L1119 to: struct smtp_address real_to; if (smtp_address_init_from_msg(&real_to, &reply_to) >= 0) sctx = sieve_smtp_start_single(senv, &real_to, smtp_from, &output); else sctx = sieve_smtp_start_single(senv, smtp_to, smtp_from, &output); That in place and setting sieve_vacation_to_header_ignore_envelope to ?yes?, effectively resolves problem B as well. Best regards Rolf Jansen
jeremy ardley
2023-Feb-07 20:54 UTC
Pigeonhole Sieve Vacation Reply-To peculiarity with inbound AWS-SES
On 7/2/23 22:01, Dr. Rolf Jansen wrote:> To begin with, usage of Amazons Simple Email Service (SES) is mandatory for outgoing mails from AWS-EC2 instances.I run AWS-EC2 instances using postfix to send a receive mail. They can send direct assuming I set up suitable SPF, but they typically forward mail to another host under my? control that is not on AWS to use as the outgoing server. Jeremy
Stephan Bosch
2023-Feb-08 11:37 UTC
Pigeonhole Sieve Vacation Reply-To peculiarity with inbound AWS-SES
https://doc.dovecot.org/settings/pigeonhole-ext/vacation/#pigeonhole_setting-sieve_vacation_send_from_recipient On 7-2-2023 15:01, Dr. Rolf Jansen wrote:> To begin with, usage of Amazons Simple Email Service (SES) is mandatory for outgoing mails from AWS-EC2 instances. The Pro is, it does work and we may utilize email relays with high reputation for our outgoing mails at no additional costs. The Con's are that (A) SES does not relay mails with empty <> MAIL FROM addresses and (B) it fiddles with the envelope addresses of the relayed mails. > > Anyway this is out of our control, and while I could avoid (A) by switching the e-mail service provider, I still have no control over (B) because this affects replying to emails from others using AWS-SES. > > Problem A) The empty-MAIL-FROM may be effectively addressed by setting Pigeonhole?s sieve_vacation_send_from_recipient to ?yes?. > > Problem B) Pigeonhole Vacation utilizes the senders envelope address of the inbound message as the reply-address. > > The problem here is that inbound mails from third parties utilizing AWS-SES come in with an unpersonalized envelope address and SES takes returns to this as bounce messages and changes the body's From: to ?MAILER-DAEMON at xx-zzzz-1.amazonses.com?, which is not even our MAILER-DAEMON but the one of the receiver of our reply. So the receiver gets no chance to know from the headers the identity of whom replied - he may assume it from the context the actual message, though. > > I found the setting sieve_vacation_to_header_ignore_envelope, which was introduced in 2017 (https://dovecot.org/list/dovecot-cvs/2017-August/028917.html). My finding is, that this resolves the problem only half way. > > For a local workaround, I changed Line 1119 of cmd-vacation.c > https://github.com/dovecot/pigeonhole/blob/34431d7a67474c00d5b0554f5d45b867509f4a7a/src/lib-sieve/plugins/vacation/#L1119 > > to: > > struct smtp_address real_to; > if (smtp_address_init_from_msg(&real_to, &reply_to) >= 0) > sctx = sieve_smtp_start_single(senv, &real_to, smtp_from, &output); > else > sctx = sieve_smtp_start_single(senv, smtp_to, smtp_from, &output); > > > That in place and setting sieve_vacation_to_header_ignore_envelope to ?yes?, effectively resolves problem B as well. > > Best regards > > Rolf Jansen